package com.hfzy.ihk.web.oauth.server.filter;

import com.hfzy.ihk.facade.userCenter.vo.LoginUserInfo;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;

/**
 * 暂时没用
 */
//@Component
public class CustomerSecurityFilter extends GenericFilterBean {

    //加个标记，防止被执行两次
    //在spring容器托管的GenericFilterBean的bean，都会自动加入到servlet的filter chain，而我们还额外把filter加入到了spring security的
    //最后一个Filter之前。而spring security也是一系列的filter，在mvc的filter之前执行。因此在鉴权通过的情况下，就会先后各执行一次。
    private static final String FILTER_APPLIED = "__spring_security_customerFilter_filterApplied";
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest.getAttribute(FILTER_APPLIED) != null) { //登录过了
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        System.out.println("哎呦呵，来啦");

        //替换用户信息，具体替换步骤参考上一个替换，这个用户最好存入缓存，毕竟过滤器过滤的请求挺多，每次都要查询很坑的
        servletRequest.setAttribute(FILTER_APPLIED, true);
        filterChain.doFilter(servletRequest, servletResponse);
    }

}
